<?php
    include "include/function.php";
	session_start();
	if (isset($_POST['doCancel'])) {
		header("Location: index");
		exit;
	}
	if (isset($_POST['doLogin'])) {
		if (!isset($_POST['user_id']) || !isset($_POST['password'])){
			header("Location: error?error=" . urlencode("User ID or password cannot be NULL"));
			exit;
		}

		$user_id = $_POST['user_id'];
        if (get_magic_quotes_gpc())
            stripslashes($user_id);
        $user_id = mysql_escape_string($user_id);
        if (strlen($user_id) > 20)
            header("Location: error?error=" . urlencode("User ID is too long"));
		$password = $_POST['password'];
        if (get_magic_quotes_gpc())
            stripslashes($password);
        $password = mysql_escape_string($password);
        if (strlen($user_id) > 32)
            header("Location: error?error=" . urlencode("Password is too long"));

		if (isset($_POST['autoLogin'])) {
			setcookie('user_id', $user_id);
			setcookie('password', $password);
		}
		else {
			setcookie('user_id', '');
			setcookie('password', '');
		}

		if (login($user_id, $password) != -1) {
			$_SESSION['user_id'] = $user_id;
			header("Location: index");
			exit;
		}
		else {
			header("Location: error?error=" . urlencode("User ID or password do not exist"));
			exit;
		}
	}
?>
